Files

Sun Microsystems Advisory #220 - A double free bug in the zlib compression library allows the Java(TM) Runtime Environment to be crashed by remote users. SDK and JRE 1.4.0 and below on Windows, SDK and JRE 1.2.2_011 or earlier on Solaris, and SDK and JRE 1.4.0 on Linux are affected. Releases for JDK and JRE 1.1.x should no longer be used. This vulnerability does not affect the Java 2 SDK, Standard Edition, v 1.4.1 release.

Sun Microsystems Security Bulletin #208 - A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet to access the system clipboard. Netscape 6 is vulnerable if the JRE 1.3.0_02 or 1.3.0_01 is used. The default Java runtime environments of Netscape Navigator(TM) and Microsoft Internet Explorer are not vulnerable.

Sun Microsystems Security Bulletin #206 - Solaris 2.6, 7, and 8 for Sparc and x86 run the BSD print daemon, which has a buffer overflow allowing remote attackers to execute code as root if they have access to print.

Sun Microsystems Security Bulletin #203 - The ypbind daemon runs on all client and server machines that are set up to use NIS. A buffer overflow vulnerability has been discovered in ypbind which may be exploited by a local or a remote attacker to gain root access. Vulnerable systems include SunOS 5.8, 5.8_x86, 5.7, 5.7_x86, 5.6, 5.6_x86, 5.5.1, 5.5.1_x86, 5.5, 5.5_x86, 5.4, and 5.4_x86.

Sun Microsystems Security Bulletin #201 - A vulnerability in certain versions of the Java(TM) Runtime Environment may allow malicious Java code to execute unauthorized commands. However, permission to execute at least one command must have been granted in order for this vulnerability to be exploited. Since no permission is granted by default, the circumstances necessary to exploit this vulnerability are relatively rare.

Sun Microsystems Security Bulletin #198 - The Java Runtime Environment (JRE) may allow an untrusted Java class to call into a disallowed class. Other vendors' Java implementations which are derived from Sun's Java Development Kit (JDK) source base are also vulnerable. JDK/JRE 1.2.2_05 or earlier is affected. Fix available here.

Sun Microsystems Advisory #197 - Sun announces patches for Java Web Server 2.0 and 1.1.3 which relate to a vulnerability with the administration module. It is possible to use the administration module to invoke servlets on a Java Web Server. With carefully crafted JSP tags it is possible to execute arbitrary commands on the Web Server. All versions of the Java Web Server are affected.

Sun Microsystems Security Bulletin - AnswerBook2 below v1.4.2 ships with dwhttpd, which has a vulnerability that allows a malicious user to access the administration of AnswerBook2 and to run arbitrary commands on the remote host as the webserver user (daemon).

Sun Microsystems Security Bulletin #194 - Sun announces the release of patches for Solaris 7 which relate to four vulnerabilities in BIND reported in CERT Advisory CA-99-14 which allow remote attackers to crash or degrade the performance of named.

Sun Security Bulletin #191 - The sadmind program is installed by default on SunOS 5.7, 5.6, 5.5.1, and 5.5. In SunOS 5.4 and 5.3. A buffer overflow vulnerability has been discovered in sadmind which can be exploited by a remote attacker to execute arbitrary instructions and gain root access.